Microsoft Support Team's IIS Blog

Recent Posts

Procdump is a light weight Sysinternal's command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during such spikes which an administrator or developer can use to determine the cause or to share the dump with PSS for further analysis. It also can serve as a general process dump utility that you can embed in other scripts.

It completely eliminates the need to maintain different utilities like Debug Daig 1.1 for 32 bit processes and adplus for 64 bit processes on the same server.

The Problem

Looking at task manager we can see w3wp.exe process is spiking CPU between 49%-60% intermittently and then immediately it goes down.

In order to troubleshoot we need to capture 2 sets of dump for w3wp.exe when process reaches 50% CPU and stays there for 3 consecutive seconds or so.This, using Debug Diag 1.1 or Adplus could be a tricky task as it would require great deal of accuracy to manually generate dumps when the actual CPU spike happens or we may end up taking dumps without capturing real activity responsible for the spike.

The Savior

ProcDump.execomes inhandy in such situation to speed up the course of action and help in getting the right set of data. It would monitor the target process for CPU spike within specified time limit and take snapshot at that point.

For example:

procdump -ma -c 50 -s 3 -n 2 5844(Process Name or PID)

-ma Write a dump file with all process memory. The default dump format includes thread and handle information.

-c CPU threshold at which to create a dump of the process.

-s Consecutive seconds CPU threshold must be hit before dump written (default is 10).

-n Number of dumps to write before exiting.

The above command would monitor the w3wp.exe till CPU spikes 50% for 3 seconds and it would take full dump at least for two iterations.